Dependable and secure

The theme of this year ICSE is about "Developing Dependable
Software", acknowledging the that our lives depend directly on
several complex software-based systems. The Internet connects and
enables a growing list of critical activities from which people
expect services and revenues. They should be able to trust
these systems to provide data and elaborations with a degree of
confidentiality, integrity, and availability compatible with their
needs. The pervasiveness of software products in the creation of
critical infrastructures has raised the value of trustworthiness and
new efforts should be dedicated to achieve it. However, nowadays
almost every application has some kind of security requirement even
if its use is not to be considered critical.

Thus, designers have to cope with the complexity of insecure
operating environments by considering threats to their application
correctness. Security concerns should be taken into account as
early as possible, and not added to systems as an after-thought:
this is extremely expensive and it may compromise the design
integrity in critical ways. Security features such as cryptographic
protocols and tamper-resistant hardware cannot be simply added on to
transform an insecure product to a secure one.

Security solutions and patterns are hard to reuse in different
contexts, they crosscut all the system components and a
vulnerability alone might compromise the trustworthiness of the
whole system. Thus, not surprisingly, several security holes are
recurrent, notwithstanding the experience accumulated by security
research in the last decades. Software engineers and practitioners
should assimilate basic security techniques and discover new
techniques for integrating them in the current practice, while
understanding associated costs and benefits. Several
well-established software engineering disciplines such as
verification, testing, program analysis, process support,
configuration management, requirement engineering, etc. could
contribute to improving security solutions that sometimes lack a
coherent methodological approach. Or, as it is the case of security
standards proposed by the Common Criteria or
BS7799, present challenges that prevent integration
with mainstream software engineering practice.

The SESS workshop aims at providing a venue for software
engineers and security researchers to exchange ideas and
techniques. First and second were
held in conjunction with past edition of ICSE.

We are looking for unpublishged contributions. Accepted papers will
be included into ICSE proceedings. A post-workshop special
issue of a scientific journal is under negotiation.